Bug 75783

Summary: ESP is mounted with read-write access for root and no read for non-root users
Product: systemd
Reporter: Mateus Rodrigues Costa <mateusrodcosta>
Component: general
Assignee: systemd-bugs
Status: RESOLVED NOTABUG
QA Contact: systemd-bugs
Severity: major
Priority: medium
Version: unspecified
Hardware: x86-64 (AMD64)
OS: Linux (All)
Attachments: ls output - after login; ls output - 5 seconds later

Description Mateus Rodrigues Costa 2014-03-05 00:10:39 UTC
Created attachment 95126: ls output - after login

Under Arch Linux with systemd 208-11 and systemd 210-2.
Arch Linux is installed in UEFI-GPT mode and I'm letting systemd mount everything, with only the root filesystem being in the fstab.

The permissions on /boot are fine if I run ls as soon as I log in to GNOME (see the attached "ls output - after login").

And around five seconds later:

[mateus@mateus-arch ~]$ ls -l /
total 24
lrwxrwxrwx   1 root root    7 Mai 31  2013 bin -> usr/bin
drwx------   4 root root 4096 Dez 31  1969 boot
drwxr-xr-x  19 root root 3320 Mar  4 20:42 dev
drwxr-xr-x   1 root root 3622 Mar  4 20:42 etc
drwxr-xr-x   4 root root 4096 Fev 23 16:41 home
lrwxrwxrwx   1 root root    7 Mai 31  2013 lib -> usr/lib
lrwxrwxrwx   1 root root    7 Mai 31  2013 lib64 -> usr/lib
drwxr-xr-x   1 root root    4 Fev 23 16:51 mnt
drwxr-xr-x   1 root root   58 Fev 28 23:12 opt
dr-xr-xr-x 215 root root    0 Mar  4 20:42 proc
drwxr-x---   1 root root   66 Mar  2 11:42 root
drwxr-xr-x  25 root root  680 Mar  4 20:43 run
lrwxrwxrwx   1 root root    7 Mai 31  2013 sbin -> usr/bin
drwxr-xr-x   1 root root   26 Fev 23 23:32 srv
dr-xr-xr-x  13 root root    0 Mar  4 20:42 sys
drwxrwxrwt  13 root root  300 Mar  4 20:43 tmp
drwxr-xr-x   1 root root   80 Mar  1 22:37 usr
drwxr-xr-x   1 root root  100 Mar  1 22:37 var

Here
Comment 1 Mateus Rodrigues Costa 2014-03-05 00:12:49 UTC
Created attachment 95128: ls output - 5 seconds later
Comment 2 Mateus Rodrigues Costa 2014-03-05 00:17:02 UTC
Er... I accidentally sent it while trying to attach the logs.

Anyway here is the boot.mount status and my partition table:

[mateus@mateus-arch ~]$ systemctl status /boot
boot.mount - EFI System Partition
   Loaded: loaded (/run/systemd/generator.late/boot.mount)
   Active: active (mounted) since Ter 2014-03-04 20:43:40 BRT; 19min ago
    Where: /boot
     What: /dev/sda1
  Process: 2847 ExecMount=/bin/mount /dev/disk/by-partuuid/65657b71-3a87-4d05-bf35-9a646bc7daa5 /boot -t auto -o umask=0077,noauto (code=exited, status=0/SUCCESS)

Mar 04 20:43:40 mateus-arch systemd[1]: Mounted EFI System Partition.

[mateus@mateus-arch ~]$ sudo gdisk -l /dev/sda
[sudo] password for mateus: 
GPT fdisk (gdisk) version 0.8.10

Partition table scan:
  MBR: protective
  BSD: not present
  APM: not present
  GPT: present

Found valid GPT with protective MBR; using GPT.
Disk /dev/sda: 1953525168 sectors, 931.5 GiB
Logical sector size: 512 bytes
Disk identifier (GUID): CE220B3C-2146-489B-B01B-2AE9E8A5C502
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 1953525134
Partitions will be aligned on 2048-sector boundaries
Total free space is 2014 sectors (1007.0 KiB)

Number  Start (sector)    End (sector)  Size       Code  Name
   1            2048         2099199   1024.0 MiB  EF00  EFI System Partition
   2         2099200         2361343   128.0 MiB   0C01  Microsoft reserved ...
   3         2361344       421791743   200.0 GiB   0700  Windows 7
   4       421791744       631506943   100.0 GiB   8300  Arch Linux
   5       631506944       665061375   16.0 GiB    8200  Swap
   6       665061376      1953525134   614.4 GiB   8302  Home

Also the fstab, if it is relevant in any way:

[mateus@mateus-arch ~]$ cat /etc/fstab
# 
# /etc/fstab: static file system information
#
# <file system>	<dir>	<type>	<options>	<dump>	<pass>
# Arch Linux
PARTUUID=5a0089ed-dc7f-41ec-a0e2-8aeefffcab8a	/	btrfs	defaults,relatime,compress=zlib	0	0
Comment 3 Lennart Poettering 2014-03-06 01:24:16 UTC
The ESP might contain security sensitive files (boot loader passwords, ...), and FAT knows no access bits, which means we have to block the entire partition from unprivileged user access.
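As an added example (not code from the report or from systemd), a POSIX shell audit that applies the point made in this comment: FAT keeps no per-file mode bits, so the mount's umask/fmask/dmask options are the only thing keeping the ESP away from non-root users. It parses /proc/mounts-style lines and fstab option strings; the sample lines, the /dev/sdb1 mount and the assumed 022 default umask are constructed for the example.

```shell
# Added example, not from the bug report or systemd: audit FAT mounts (the ESP
# is one) for access by unprivileged users. FAT stores no per-file mode bits, so
# the mount's umask/fmask/dmask options are the only access control there is.
# Effective masks for a vfat option string (fstab or /proc/mounts style). The
# kernel takes umask= as the default for both fmask= and dmask=; an explicit
# fmask=/dmask= overrides it. With none given the process umask applies; 022
# is assumed here. Prints "<fmask> <dmask>".
vfat_masks() {
    um=022 fmask= dmask=
    old_ifs=$IFS; IFS=,
    for opt in $1; do
        case $opt in
            umask=*) um=${opt#umask=} ;;
            fmask=*) fmask=${opt#fmask=} ;;
            dmask=*) dmask=${opt#dmask=} ;;
        esac
    done
    IFS=$old_ifs
    printf '%s %s\n' "${fmask:-$um}" "${dmask:-$um}"
}

# 0 if every group/other bit is masked out for files and directories
# (mask & 077 == 077, as with the generator's umask=0077), 1 otherwise.
vfat_opts_private() {
    set -- $(vfat_masks "$1")
    f=$(( 0$1 & 63 )); d=$(( 0$2 & 63 ))   # 63 == 077: the group/other bits
    [ "$f" -eq 63 ] && [ "$d" -eq 63 ]
}

# One /proc/mounts line: "<what> <where> <type> <opts> <dump> <pass>".
# Exit 0: private, 1: readable by non-root users, 2: not a FAT mount.
check_mount_line() {
    set -- $1
    [ "$3" = vfat ] || return 2
    vfat_opts_private "$4"
}

# Constructed sample lines: the report's generator mount, and a hand-written
# fstab entry (constructed) that mounted an ESP with the usual 022 umask.
SAMPLE='/dev/sda1 /boot vfat rw,relatime,fmask=0077,dmask=0077,codepage=437 0 0
/dev/sdb1 /mnt/esp vfat rw,relatime,fmask=0022,dmask=0022,codepage=437 0 0
/dev/sda4 / btrfs rw,relatime,compress=zlib 0 0'
printf '%s\n' "$SAMPLE" | while IFS= read -r line; do
    rc=0; check_mount_line "$line" || rc=$?
    case $rc in
        0) printf 'private  %s\n' "$line" ;;
        1) printf 'EXPOSED  %s\n' "$line" ;;
    esac
done
```

On a live system, feed `/proc/mounts` to the loop instead of `$SAMPLE` to find FAT mounts whose masks leave group or other bits open.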
